CVE-2020-8286
published 2020-12-14CVE-2020-8286: curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.
high7.5CVSS 3.1
AVNACLPRNUINSUCNIHAN
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.
Affected
31 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | < 10.14.6 | 10.14.6 |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | >= 10.15 < 10.15.7 | 10.15.7 |
| apple | macos | >= 11.0 < 11.3 | 11.3 |
| apple | macos_big_sur | — | — |
| apple | security_update_2021-002_catalina | — | — |
| debian | curl | < curl 7.74.0-1 (bookworm) | curl 7.74.0-1 (bookworm) |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| haxx | curl | >= 0 < 7.74.0-1 | 7.74.0-1 |
| haxx | curl | >= 0 < 7.74.0-1 | 7.74.0-1 |
| haxx | curl | >= 0 < 7.74.0-1 | 7.74.0-1 |
| haxx | curl | >= 0 < 7.74.0-1 | 7.74.0-1 |
| haxx | curl | >= 0 < 7.47.0-1ubuntu2.18 | 7.47.0-1ubuntu2.18 |
| haxx | curl | >= 0 < 7.58.0-2ubuntu3.12 | 7.58.0-2ubuntu3.12 |
| haxx | curl | >= 0 < 7.68.0-1ubuntu2.4 | 7.68.0-1ubuntu2.4 |
| haxx | libcurl | >= 7.41.0 < 7.74.0 | 7.74.0 |
| https | github.com_curl_curl | — | — |
| msrc | cm1_curl_7.68.0-3_on_cbl_mariner_1.0 | — | — |
| oracle | communications_billing_and_revenue_management | — | — |
| oracle | communications_cloud_native_core_policy | — | — |
| oracle | essbase | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
osv7.5HIGH